WhatsApp’s controversial privacy policy has put the whole world on red alert. Many have even switched to other chat messengers to avoid their data getting breached. WhatsApp even issued a statement trying to quell rumours by giving front-page print adverts, but that did little to assuage fears. The Indian government recently directed Facebook that owns Whatsapp, to withdraw its new privacy policies. Many organisations have work groups on the social-media platform, which are used for various purposes, from dispensing company information to sharing office stories amongst colleagues instantly.
What made many uncomfortable was the fact that the US was exempted from accepting the policy update, while it was made mandatory for India users. In fact, the deal is that if users fail to agree to the terms, their accounts will be deleted. In such a situation, what happens to these work groups on WhatsApp?
Changing from one app to another will not change user behaviour or ignorance. Data privacy and security need to be taken seriously. Organisations will need to evolve their privacy and security policies to create systems governed by ‘digital empathy’.
Amit Das, CHRO, Bennett Coleman & Company
A Guild 2020 research revealed that 41 per cent of UK workers admit to using WhatsApp at work, even though WhatsApp’s terms of service prohibit non-personal use. In a 2015 study of 2,107 doctors and 4,069 nurses from the British Medical Journal (BMJ) highlighted that 33 per cent of doctors and six per cent of nurses were using app-based messaging to send patient-related clinical information to their colleagues. Employees tend to use apps at work, which they are more comfortable with, thereby increasing the risk of data breach. Although the Government has requested Facebook to retract the controversial policy, this definitely is a sign that perhaps it is time to look elsewhere. Most HR experts agree.
Jayati Roy, director – HR, Barco, reveals that in her organisation, WhatsApp was never allowed by Barco as a company. “Our chief information and security advisor gives out stringent guidelines. Tools like Multimeter, which are used to create polls, are not allowed either. Only specific tools, that are security driven, are allowed. Everything else gets flagged off due to security concerns. I think that’s the way forward. Sometimes, it dilutes the personal and professional levels when one starts sending out to too many non-officially managed groups. Once one puts it out on WhatsApp, there’s no controlling how far it goes. One would see a number of groups sharing out guidebooks or policy documents of companies. That’s how it flows out. Ideally, they shouldn’t even be used for office communication. Even WhatsApp doesn’t say it is for official communication.”
We do have other platforms now which are far better than WhatsApp in terms of features. Also, I really believe it’s always good to have multiple players in the market. It gives one choices.
Debjani Roy, chief HR officer, Mind Your Fleet
In January 2020, JP Morgan suspended one of its senior traders who apparently connected with colleagues in a WhatsApp group. The social-media platform employs end-to-end encryption, which means the information stays between the sender and receiver alone. However, many don’t find it convincing enough because it can’t be monitored. Even if that’s the case, Debjani Roy, chief HR officer, Mind Your Fleet, doesn’t think coming down harshly on an employee is a solution at all. “In the personal space, an organisation cannot dictate which platform an employee uses. What it can probably do is, issue a moratorium on the same in terms of official work. Organisations can align policies in such a way that employees are not on Whatsapp when they are transacting official work.”
She supports the thought that adoption of an in-house messenger and a clearly elucidated code of conduct is the way forward without impacting the employees. Roy also adds that WhastApp got the early movers advantage when it was launched, but today there are other apps with better qualities or features available. “We do have other platforms now which are far better than WhatsApp in terms of features. Also, I really believe it’s always good to have multiple players in the market. It gives one choices. None of them then suffer from a Big Brother syndrome, like WhatsApp, and so it’s always healthier if there are more options.”
WhatsApp may have made everyone’s lives easier with its friendly interface and smooth transaction of messages, but it has its problems. Its use at workplaces will need to be relooked at.
We have stringent guidelines. Only specific tools, that are security driven, are allowed. Tools, such as Multimeter, which are used to create polls, are not allowed either. Everything else gets flagged off due to security concerns. I think that’s the way forward.
Jayati Roy, director – HR, Barco
Amit Das, CHRO, Bennett Coleman & Company, feels that enterprises must think of their data security issues through implementation of what we now know as Zero Trust Security, which is based on the principle: never trust, always verify. A Zero Trust Security architecture works by managing and granting access based on the continual verification of identities, devices and services. This is also the time for organisations to educate users about secure and responsible use of various interaction channels. A Verizon report of 2019 projected that 34 per cent of data breaches are perpetrated by inside users. “Changing from one app to another will not change user behaviour and ignorance. Organisations will need to take data privacy and security seriously. They will need to evolve their privacy and security policies to create such systems that are governed by ‘digital empathy’”, points out Das. In cybersecurity, ‘digital empathy’ means building tools that can accommodate a diverse group of employees’ ever-changing circumstances.
“If business work groups are going to operate, they must all be hosted in a Zero Trust secure environment provided by the company. This means, protecting all identities, updating employee devices, and managing cloud-based apps,” explains Das. For instance, companies can use Azure Active Directory to protect identities, Defender ATP to update connecting devices, and Cloud App Security to manage Cloud-based apps, to make it easier for employees to work remotely, even while improving security for the client organisation.
